Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to permit all attributes besides user_id using strong_parameters?

I would like to use something like that:

def answer_params
  params.require(:answer).permit!.without(:user_id)
end
like image 362
tomekfranek Avatar asked Mar 20 '13 16:03

tomekfranek


2 Answers

will this work?

params.require(:answer).permit!.except(:user_id)
like image 158
jvnill Avatar answered Sep 28 '22 07:09

jvnill


I just want to put this out here, whitelisting is not DRY. Imagine a JSON API for a document based entry that could have up to 100 (or more) attributes (key value pairs). Generally the only pieces you need concern with are attributes that can escalate privileges like user_id.

like image 43
Jason Kenney Avatar answered Sep 28 '22 09:09

Jason Kenney